ITSPmagazine Podcasts

Inside the MIND of a Hacker - Insights and Lessons From a Ransomware Attack | An Australian Cyber Conference 2024 in Melbourne Conversation with Joseph Carson | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

In this engaging episode recorded at AISA Cyber Con 2024, Sean Martin, Marco Ciappelli, and Joseph Carson explore the real-world dynamics of ransomware attacks, ethical dilemmas around paying ransoms, and the global shifts in cybercrime tactics. Packed with insights, humor, and actionable advice, this conversation will leave you inspired to rethink cybersecurity resilience and collaboration.

Episode Notes

Guest: Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Delinea

On LinkedIn | https://www.linkedin.com/in/josephcarson/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

At AISA Cyber Con 2024, amidst the bustling energy of Melbourne, the conversation between Sean Martin, Marco Ciappelli, and Joseph Carson provided a unique perspective on cybersecurity challenges and insights. The setting wasn’t just a backdrop—it was a canvas where shared experiences and professional journeys painted a vivid picture of evolving cyber threats and collaborative defense strategies.

The Dynamics of Engagement

The dialogue kicked off with a casual and candid exchange, where the speakers reflected on the nuances of attending conferences—long walks between sessions, weather swings, and the unexpected yet pleasant surprise of encountering familiar faces. Marco and Sean seamlessly blended humor and camaraderie into their conversation, making the technical discussion both engaging and relatable.

Insights on Ransomware Realities

Joseph Carson shared a deeply technical yet accessible walkthrough of ransomware attacks. He explained his approach to recreating real-world scenarios to educate organizations on vulnerabilities and lessons learned. He highlighted that while AI garners much attention, attackers often rely on basic techniques that remain effective. His revelation that many victims still struggle with simple misconfigurations and weak credential management served as a stark reminder of cybersecurity’s foundational importance.

The audience's reaction underscored the relevance of these insights. Many attendees, identifying parallels with their organizational experiences, approached Carson afterward to share stories or seek advice. This interactive exchange emphasized the importance of open dialogue and proactive learning in addressing cyber threats.

Ethical and Strategic Considerations in Cybersecurity

The discussion also touched on the ethical dilemmas surrounding ransomware payments. Carson recounted incidents where organizations faced the difficult decision to pay ransoms to save critical operations. His narrative of assisting a cancer research organization emphasized that these decisions are fundamentally business-driven, balancing continuity against principles.

Sean and Marco expanded on the implications of regulatory frameworks. They debated the effectiveness of Australia’s laws permitting ransomware payments under strict disclosure conditions, exploring whether such measures could foster collaboration between government agencies and the private sector or inadvertently sustain the criminals’ business model.

Global Trends and Local Challenges

The conversation delved into how sanctions and geopolitics influence cybercrime. Carson explained how ransomware operators adapt their strategies, targeting regions with fewer regulatory constraints or financial barriers. He emphasized the need for global cooperation to create a resilient cybersecurity ecosystem, advocating for shared intelligence and collaborative defense measures.

Marco’s observations on the societal aspect of cybersecurity resonated strongly. He noted that resilient countries could inadvertently shift the burden of ransomware to less developed regions, highlighting the ethical responsibility to extend cybersecurity efforts globally.

Final Thoughts: Building a Safer Digital World

The discussion wrapped up with a call for cooperation and proactive measures. Whether through fostering societal awareness or tightening organizational controls, the speakers agreed that tackling cybercrime requires a unified effort. Carson emphasized that sharing knowledge—be it through podcasts, conferences, or direct collaboration—creates a ripple effect of security.

This conversation at AISA Cyber Con wasn’t just an exchange of ideas but a demonstration of the power of collaboration in combating the ever-evolving challenges of cybersecurity. Through humor, storytelling, and expertise, Sean, Marco, and Carson left their audience not only informed but inspired to act.

____________________________

This Episode’s Sponsors

Threatlocker: https://itspm.ag/threatlocker-r974

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia


____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast


Episode Transcription

Inside the MIND of a Hacker - Insights and Lessons From a Ransomware Attack | An Australian Cyber Conference 2024 in Melbourne Conversation with Joseph Carson | On Location Coverage with Sean Martin and Marco Ciappelli

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Marco Ciappelli: [00:00:00] Check. Look who's here.  
 

Joseph Carson: Who is here? I don't know. Wherever I go is here. Like San Francisco, London. What I'm doing is I'm just checking your schedule. And then I kind of feel like, you know, I feel like it's a good time to, you know, I can go to that place and we can catch up, meet up, have a good chat. 
 

Marco Ciappelli: I love that. Like, I was just sitting in the hotel the other night and I'm like, you know, catching up on things. And then here you go.  
 

Joseph Carson: Walk in. You know, the funny thing was, as I was walking, I was like, it's a pretty long day. I'm walking through. I've got my luggage. I've been on multiple flights. I see the trainers, I go, I've seen those before as he slowly, as he slowly look up, of course, who was it? 
 

Marco Ciappelli: Yeah, I like to change the color and go yellow, orange, now white, but as long as they're comfortable, that's the important thing. We walk a lot here.

Joseph Carson: We do, we walk a lot, a lot. Uh, and these conference centers get longer distances that you have to get between places.
 

Sean Martin: Listen as an exhibition and a conference. 
 

Yes. [00:01:00] Two centers in one. And people may be  
 

Marco Ciappelli: wondering, what the hell are they talking about? Where are they now? We are in Melbourne. It's been raining, but now it's sunny. All in five minutes. As soon as Joe entered  
 

Sean Martin: the scene. The sun came  
 

Marco Ciappelli: out. Rainbows. 
 

Joseph Carson: I'm hoping, I'm hoping the planes are flying this evening as well. So I stay on schedule.
 

Sean Martin: You had a delay getting in, didn't you?  
 

Joseph Carson: I had a delay getting in. Um, on, uh, so it was like a, every flight was two hours later, but I was lucky enough to get an earlier, like, like changed my flight to an earlier one. So I didn't get here too late. 
 

It was, uh, not too bad.  
 

Marco Ciappelli: Very cool. And you did, uh, a session here.

Joseph Carson: Absolutely. I did, uh, I, so I did a session, uh, yesterday morning and, uh, it was, uh, right after the keynote. It was a packed room. There's like no places. The back wall just had people standing around. And I think one of the things was is that the topic was all around taking people through a real [00:02:00] world ransomware case and showing the lessons learned.
 

It's not often you get, you know, companies who become victims to allow you to speak on their behalf. To share the really insights and details about the good things that happen and also the bad things. And I think for the audience coming in, and I suppose in this region, it is becoming a very hot area for increased ransomware attacks. 
 

And they want to learn. They want to learn from organizations who were victims. And about what things went wrong and what things went right. And that session takes them through. And during the session, I also, I like to show live. Like, I like to show them the real thing. So I recreated the ransomware attack. 
 

Exactly to the detail and I actually share that and I walk them through and take them through not just the, from a victim perspective, but also from the hacker perspective to show them about when an attacker sees something, this is what they're thinking about when they see that, and then if they come across some type of security control that's preventing them from moving forward, the thought process around how they're [00:03:00] thinking, how do I get around that? 
 

And then how do they augment their techniques? And ultimately, it gets to the point where I showed, we had a big hype this year around attackers using AI and AI becoming the big trend. Um, but during that session, I showed them that attackers don't need to use AI today because the basics still work. They are using it in certain areas, but the basics still work. 
 

They're still stealing credentials. People are still reusing passwords. They're still able to crack them. They're still able to go on the dark web and buy them and get that initial access. And ultimately, you know, 2FA and

Sean Martin: MFA.
 

Joseph Carson: They do have, but the problem is they have MFA, but not 100%. And the attackers are really good at finding those accounts where MFA is just not turned on. 
 

Or, they do have MFA, but they've actually enabled so many other security controls right down to security questions. So that MFA is the strongest, but they don't have to use that. They can go and say, well, let's go and do security questions. So security in MFA is only as good as the weakest security that [00:04:00] you've actually put in place. 
 

And they bypass it very easily.  
 

Marco Ciappelli: So what was the reaction of a room packed with people when you actually showed that? Maybe a lot of people would expect, oh, it's going to be all about AI. You know, there's a hammer and there is a nail.
 

Joseph Carson: Absolutely. So the interesting thing, so what came around was a lot of the questions that came out and the people came up afterwards and they're like, oh my goodness, we were a victim. 
 

And the exactly the same steps that you just showed was what we experienced. So you get that acknowledgement. You also get others thinking, Oh, my goodness, I, my environment has those same, you know, misconfigurations are over for these users and they're not in a scenario. But what can we do today in order to prevent and reduce that risk? 
 

So the big, the business, more resilience. And I think, you know, the good thing is, is that, you know, those who were victims, they acknowledge it and they're going, yes, we're glad we made the steps to prevent it for the future. And then there's others that haven't become victims yet that have the risk.[00:05:00]
 

and annoying the case of thinking of like we need to take action immediately. We need to take this knowledge, go to our management, go to our uh teams and find ways around how they can prioritize, to make sure that they do the right things and make it difficult for attackers.  
 

Sean Martin: Well there's, there's been a lot of talk in the last couple days around the new cyber act I believe it is. 
 

Which requires the disclosure of a ransomware attack. And I don't know, how, how deep does that disclosure go? What is it? Does it capture some of the, what?  
 

Marco Ciappelli: The news for me is not that it requires that you disclose it. It's that it allows you to pay it. Which in other countries is not even I mean, I know, I'm just There's two angles to this. 
 

I like your opinion on both.  
 

Joseph Carson: I mean, so I did listen to the sessions around the new act and the law. And for me, it doesn't have enough, uh, kind of, let's say, punishment to [00:06:00] do responsible disclosure on incidents. I think that a lot of organizations look at it and think that the penalty is so low, that, you know, let's, let's avoid it.
 

So you're, what you're doing is you're not kind of getting the right incentive in order to get the information to help you make better decisions. What you're doing is you're putting in place is that, um, that the penalty for actually not reporting is actually so minimal that organizations will be like, well, if I report, Um, I will have a bigger impact versus just not reporting and paying the penalty if I do get fined out. 
 

So I don't think, I think that it is a good idea, but I don't think the execution has been really thought through.  
 

Sean Martin: To me that, and we'll cover your point in a second, but I think the other, what I've heard is it was an incentive to be open.  
 

Joseph Carson: Yes, the transparency. And what I'm hearing from you is  
 

Sean Martin: that it's still a penalty driven, people aren't going to do it, or organizations aren't going to do it, because of the perceived negative impact. 
 

Joseph Carson: Correct. Correct. So, interesting. So, one of the things during my talk yesterday, [00:07:00] I went through a scenario and I showed them that, um, as I was doing the, the digital forensics and the incident response and I had all the logs and I was looking through the logs and during that specific incident, I found evidence of another victim.
 

So, and that's common is when you're investigating cases, uh, that you'll find that the attackers copy paste a lot of their payloads and then they copy paste, you know, logs from other victims. And you, as you're going through, I find usernames, passwords, IP addresses, domain names of another company, of another victim, sitting right in the, uh, the logs. 
 

So I thought, okay, I got permission. I went and got authorization to contact that company. And then, interesting, so I'm dealing with an organization which is a large transportation company, who's a victim, and they're going through the response. And then I found, uh, evidence of a large entertainment sports organization, huge, that they were also victims. 
 

So I got information, I contacted them proactively, I went on the website, found out the contacts for the security team, uh, disclosure. I reached out, I sent, uh, [00:08:00] information saying that I'm investigating another case. I find evidence of data that, uh, relates back to you. And some domain names and shared some of the IP addresses. 
 

And said, uh, you know, maybe we can share, maybe we can collaborate together and find out what things they did. Maybe it's the same criminals, maybe we can share indicators of compromise. And not long after, like I was within minutes, I got a response back saying you're wrong, we weren't the victim, um, the information you have is not correct. 
 

And I was confused because you said I'm looking at it. Like, really? I go to the domain and look up everything and everything's reporting, everything's pointing back to them. So I thought maybe they don't, they haven't discovered they're a victim. So I went and I contacted them again, not long after the response. 
 

I said, maybe you, maybe they're just actually in the progress. I'm going to deploy the ransomware. If we act fast, we could stop you from becoming a victim. So I thought I was doing all this proactive and doing the right thing. And so I reached out and I was like, let's, you know, let's find, let's, let's stop it. 
 

And no response. [00:09:00] And I was thinking, okay. I thought, well, I'm not going to push you. I don't want to kind of get into, you know, pushing you kind of force because if they're not willing to work with you, then it's going to be difficult to kind of cooperate. So I left it at that. And, uh, the specific case that I was working on took about three months end to end from when I started to when I finished and at the end I had to go and I had to collect all of my evidence and I have to archive it and I have to then hand it over, uh, to the organization's legal team and then they will work with law enforcement and work with other agencies in order to potentially try and, uh, you know, find the criminals and attribution and, and, and legal side.
 

So as I was gathering the evidence, I thought, hold on a minute, what I've got here on these, these disks has actually, you know, this other victim's information. I thought it was my due diligence to let them know. So I thought, so, right at the end, three months later, I sent a, uh, another communication to that, uh, company, and I said, hey, um, just to let you know, I finished up my investigation.
 

The evidence that I've got [00:10:00] that relates back to your domain names and IP addresses and passwords is now being handed over to legal and law enforcement. They might decide later to contact you. Um, and that was it. And then again, right afterwards, response saying, Yes, you were right. We were a victim. We paid the ransom and we don't want to kind of publicly disclose it. 
 

So, um, thank you for informing us. And, uh, that was the end of it. So for me, it was a bit where you, you're dealing with this. It shows you that there's a lot of organizations out there of all different sizes that they're paying the ransom. And it's not up to me to decide whether to pay the ransom or not, but I think it's important. 
 

You know, we need a way to collect the data and to understand about what's working, what's not working. Because the more information we get back, the better we can understand the techniques and methods the attackers are using. We can put things in place to stop them. And if we're not getting that visibility, I think the law and the regulations should be all about transparency to work together collaboratively. 
 

Um, but unfortunately, most of them are [00:11:00] that punishment. You know, you report, if you don't report, you get more punished than when you do report. And I think that's the, you know, the negative side of things. And I think we have to find ways. Um, I think the one good thing I heard about the law at least is that if you do report that it doesn't get shared further because the previous law that they had in place allowed the government to share it with other agencies.
 

Now, at least it stops at the, uh, the, like, uh, the national CERT of the reporting, uh, organization. So at least that's like
 

Sean Martin: the HIPAA one. You report to healthcare and then it becomes public.  
 

Joseph Carson: So at least there was that. At least changes which limits the further disclosure with other government agencies. 
 

That's a positive, but there's a lot of work to be done.  
 

Marco Ciappelli: So let's talk about ethical, right? So actually yesterday, right here, Mika just walked by. No, no, you saw it. Uh, and I was thinking we, we, we talked about this, right? He mentioned the fact that there was a ransomware a few years ago in Finland, I believe, [00:12:00] that was about mental health care and it was very, very, very bad.
 

Yes. So we talked about the fact that, yeah, there are certain circumstances that it's probably better to pay the ransomware because the damage, it's going to be less. But if you, in general, allow to become the ransomware of the standard it's been for me become a business like another. So, uh, I don't know. 
 

There's an ethical thing.

Joseph Carson: I mean, when it gets down to it is that years ago I was on the stance, don't pay the ransom. I was adamant. Um, but I realized that I'm a technical person. I am a person who looks at risk and I'm looking at security controls about you know, detection, prevention, all those things. Um, and there was a moment when I realized, and this actually goes back to, it was a time when NotPetya was happening.
 

And there was an incident that I got basically [00:13:00] asked to help provide some expertise on. And at that time I was like, don't pay, don't pay, don't pay. And I realized that actually I'm wrong. I can't, I can't be the person to make that advice or suggestion. It comes down to the business. The business has to be the ones that makes that decision. 
 

It's a business decision because they have to decide whether the business will continue or not. And paying the ransom or not could be a situation where the business may not survive. Um, and there was a situation that there was a cancer research company that was impacted by a ransom back during NotPetya. 
 

And I was like, they lost five years of data. And you're thinking about, that's data that's so sensitive to research and to people's lives and the future. Um, and it sets them back five years. So, lucky enough, I mean, not all criminals are ethical. But the negotiator who worked in that case contacted the ransomware criminals and they were showing them that, you know, this is the type of data that you've impacted.[00:14:00]  
 

But most criminals, they see it as a business. It's a business model for them. Um, sometimes you get those that might have some moral compass and this one did. So for a nominal fee, they actually provided the key and a lot of the data. But that was the moment I realized that we as the security people, we can't be the ones that makes that decision.
 

It has to come down to the business, the legal, the country, um, and they have to make the decision. One of the things I have found that's been interesting is that, um, in the last couple of years, we've had lots of sanctions going in place, and sanctions actually have been a way that has actually changed the ransomware landscape. 
 

Because those criminals who operate in countries where the sanctions are in place, it's got more difficult for them to get paid. So they've actually, uh, let's say, kind of decentralized the model. One of the things that they have done is they've moved some of their operations to other countries where sanctions are not in place. 
 

Some of those places being the likes of Sri Lanka, uh, Vietnam, Indonesia, where they have ways to [00:15:00] operate around the sanctions, so bypassing it. Just like they've done with tariffs. They've done the same in ransomware gangs. The other thing what they've done as well is they've targeted countries where those sanctions are in place. 
 

So North America and Europe have actually been less targeted from ransomware gangs because the getting paid part is more difficult. And hiding the financial tracks. So what they've done is they've moved into targeting countries such as Central America, Latin America, Africa, and Australia and other countries in this region where they don't have those uh, financial, you know, sanctions in place or even the uh, regulation and governance to put really strict cybersecurity controls in place to protect. 
 

So where places have less controls in place and easier ways of doing the payments, attackers will focus on those because they're monetary focused. They want to get paid quick. They want to be able to hide the monetary track because laundering the money is where they lose the most. And if they have to launder it less, and less people are in that trail, then they make more profit. So this is where you're seeing this shift [00:16:00] into choosing, you know, countries where it's easier to target: less security in place, no sanctions, easier to get paid, less people in the chain.
 

Marco Ciappelli: But do you think that if you allow, like in this case in Australia, the ransomware to be paid as long as it is closed, there could be an advantage into then again, working together, involve the government, involve investigative agency and cyber criminal, I mean, the cyber security community and actually say, all right, we'll pay, but we're also making a gain, a gain. 
 

Joseph Carson: I think that it's a, it's what you're doing is you're showing the criminals that you're, you know, they have a business model in your region. Um, and what you want to do is you want to make it difficult for the actual business model to be successful. And the way to do that is increasing the security for everybody.
 

Um, and then if you do have [00:17:00] responsible disclosure without the penalties in place, Then it allows you to understand the techniques better. And if you understand that the methods is being used, you can make sure that the right security controls are being enforced as well. So it's about making the balance and making it where the attackers will see that this country is actually more difficult and they will again, diversify their business and choose other countries where it's much easier because at the end of the day, it's all about monitoring. 
 

It's about also time and how much effort it is to get victims to pay and get, you know, uh, ransomware deployed on victims. And therefore, they will, you know, choose easier locations. So this is where it's really about stepping it up and working together because it is a, it's a collaborative, uh, uh, effort.
 

We all have to basically work together. We all have to see about how attackers are changing what, what they're doing, um, how they're doing the, uh, payments and then making sure it's more difficult for that to be successful. So one of the things we will see in our industry is there's going to be a convergence between the financial [00:18:00] part and the cyber part. 
 

Right now they're both operated separately. You've got cyber, who's doing basically, you know, the, uh, security controls, the digital attribution, and then of course you've got the money part, which is actually doing the money laundering, and the payments, and the kind of, um, and we will see an overlay between those two industries cooperating to understand more of the financial part, and the actually, the digital cyber part as well. 
 

Um, interesting, one of the things that, you know, I got asked the question, I mentioned a bit about the AI side of things, I have seen many AI being used in some of the ransomware techniques. Not a lot, but in some areas. The area that I've seen the most is around the language and social engineering. For example, being based in Estonia, Estonian language is so complex. 
 

It has been a level of protection for the country from social engineering and phishing campaigns for a long time. So, because if, you know, I got phishing campaigns, you know, three, four years ago. It was easy to spot because there were so many mistakes [00:19:00] in the language and the grammar. You could see it was machine generated, it wasn't very good. 
 

So for the citizens it was very easy to attack social engineering and phishing for a long time. Kind of, then you get generative AI. And what that's done is that it's allowed attackers to do much more accurate and authentic looking phishing and social engineering campaigns. Whereas now the language is no longer protection. 
 

They're able to do it in a way that looks perfect. It's even better than some people's own grammar. So you can actually, it's getting, you know, almost too, almost too perfect. So you can then maybe we'll look at the opposite side of the scale. So yeah, language is no longer protection. Actually in Estonia and Finland, they're now having to start thinking about different measures because they've relied on that for a long time.
 

And now they have a different strategy now because of generative AI is removing one of those protections. So language, social engineering, phishing on the rise, of course we see deepfakes and that is also a major area of concern. The other area I've seen attackers using it is in [00:20:00] data analytics. So when they get basically, you know, they gain access to a victim, they do a massive data exfiltration. 
 

It used to take them weeks and months to analyze about what data they've got. What's the data? What's the value? Is there financial information in there? Is there credit card details? Is there credentials? Um, is there information about other access or controls? They've basically got so much data and it used to take them weeks and months to analyze it. 
 

And now we can do it in seconds. And that's the other thing is that they can  
 

Sean Martin: print a map of the network. Exactly. They can take that and they  
 

Joseph Carson: can say, hey, you know, show me, you know, exactly. Like they've got models that say, how much can I actually demand and ransom from this data? Right. Wow. And that will also give them some ideas about what's the ransom likely, the extortion or money they can demand. 
 

from the data value that they've got. So this is where the analyzing of the data has become so accelerated.  
 

Marco Ciappelli: So  
 

Joseph Carson: that's another area. Um, and so some of the, all the other things we've seen on the AI trends, it's mostly been on the defensive side and researchers. [00:21:00] Researchers looking at, you know, creating malware and, you know, creating different variances and so forth and getting it to reveal code and other things that it shouldn't be, you know, how to bypass the guardrails. 
 

So a lot of it's, you know, in the research. The good thing is AI is being part of it, heavily used more in defense. Um, but until we get the basic controls correct and increase those, attackers won't need to change because they're still able to, you know, do what they need to do today without the need to spend a lot of GPU power.
 

You know, then rather the GPUs being used for crypto mining, uh, rather than being used, or cracking passwords, rather than being used for basically, uh, generative AI.  
 

Sean Martin: Maybe as we wrap, and I don't know if you have the numbers, I certainly wouldn't expect you to remember them off the top of your head, but I'm doing this math in my head. 
 

If somebody pays the ransom, that amounts, let's just give it a figure of a hundred, whatever it is, a hundred. How many victims can be reached with that hundred [00:22:00] payment?  
 

Joseph Carson: Okay, so, I mean  
 

Sean Martin: In other words, are we enabling, by one victim paying, are we enabling another fifty to be compromised?  
 

Joseph Carson: So, so, so let's go back. 
 

I think one of the good examples was probably the Conti, Conti, uh, takedown, because that revealed a lot of insights because they were able to get the command and controls. I've used Conti as a, like a, a baseline. Um, the reports that we had before Conti was taken down was that they had gathered around half a billion, about 500 million in ransom payments.
 

That's what we saw from the outside, from reports, from known victims, from disclosures and all of that. So it was approximately around 500 million. When they took Conti down, the real figures were actually in excess of that. So what you start seeing is that what was really being paid, versus what we had the transparency into, was actually twice, even, you know, two, three times more than what we know about.
 

So we had to start thinking about, yes, if we know or we have an idea of the amount of ransom being paid, we can probably estimate it's somewhere between two and [00:23:00] three times that in reality. So I think that's what we're looking at. And of course, for those who pay, it's not guaranteed that they're going to get there.
 

Um, some of the decryption processes and the keys are horrible. Um, they're single threaded, they don't work, you know, so, um, you know, the time to recover might be days, weeks, and months. And you have to look at that: is that an efficient way to recover? So, one of my recommendations is that, you know, if you want to minimize and reduce the risk, have a very strong ransomware-resilient backup process.
 

Um, and then the second thing is make sure that you've got a very good, uh, identity and credential management process as well, uh, to really minimize a lot of the main areas that attackers are using and abusing. Uh, and have just really good knowledge and insights. Just stay educated. Listen to, you know, your podcasts and episodes.
 

Because sharing gives it, you know, that intelligence. And the more that we can get it out there, what works and what doesn't work, and what things you should be concerned [00:24:00] about, I think the more we make the world a safer place. Yeah.
 

Marco Ciappelli: And also, just my perspective, what I'm thinking right now is that the countries that are more resilient as a country, then they can allow the trickle of the ransomware business into countries that are already underdeveloped.


Yes. And so it's kind of like adding to the burning of a third country.
 

Joseph Carson: Absolutely. And that means that we have to reach out to those countries and help. Exactly. Collaboration, cooperation in the interest of intelligence sharing and knowledge about what works and what doesn't work. So as we basically make ourselves better, the only way, and it gets back to, I remember, uh, a project I worked on many years ago, and this was a risk assessment for a large, uh, car manufacturer.
 

And one of the things that we realized, and this goes back to that example you're saying, is when we rolled out the [00:25:00] security kind of controls and security awareness training, uh, security doesn't start with the employees. We realized that actually, uh, because it was interesting, we had a bring-your-kids-to-work day.
 

And I was realizing, when we actually did a project and we had the kids helping us, the organization realizes, actually, with their employees, security doesn't start in the office and it doesn't start with the employees. It starts with your social sphere. And the more you push out security further and further and further into the culture, into the society,
 

the better we protect each other. Uh, I think, you know, some countries are doing that well in their society, and other countries not so well. And we have to reach out, and we have to bring everyone up together. Because the more we push out that boundary, um, the less success criminals will have when it comes to those, you know, uh, criminal techniques.
 

And the fewer places they'll have to operate from as well. And that's one of the key things, is that we, you know, we all have a joint kind of passion, which is making the world a safer place, both in, you know, physical and online. And I think the way that we get [00:26:00] there is by cooperation.


Marco Ciappelli: I love it. That's what it's all about.
 

You closed it. You did close it. Oh, thank you. That's the final word. Well, it was great to see you here, my friend.


Joseph Carson: As always, it's great talking with everyone, and hopefully this has been valuable.
 

Marco Ciappelli: Yeah, I really enjoy being on your podcast. Everybody stay tuned. This is the second day. There's still another day and we'll get many, many more conversations, either in the room where they locked us and threw away the keys or right here where we actually got this on.
 

Joseph Carson: Hopefully stays this way for the next couple of days. That's right. Awesome.  
 

Marco Ciappelli: Take care everybody. Thank you.  
 

Joseph Carson: That was fantastic.  
 

Marco Ciappelli: Yeah,